DH parameter reading in OPENSSL 3
openssl at dstoecker.de
Wed Jul 13 16:47:15 UTC 2022
Thanks a lot. Works in principle now with one exception. The previous
approach worked for a file, where first comes the PEM certificate and
afterwards the DH params. The new approach only works when the file has
nothing than the DH params inside. Is there a chance to get that behaviour
back or do I need to load the file and strip the certificate myself?
>> Now it seems the default can be replaced by
>> SSL_CTX_set_dh_auto(context, 1);
> This is preferred over all explicit parameter choices, as it allows the
> server and client to negotiate a common known-strong group.
I thought so and this also will be the default.
Freedom in Peace
https://www.dstoecker.eu/ (PGP key available)
More information about the openssl-users